Amazon Linux 2 Security Advisory: ALAS-2018-1060
Advisory Release Date: 2018-08-21 17:11 Pacific
Advisory Updated Date: 2018-08-21 23:34 Pacific
Severity:
Important
Issue Overview:
A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution.(CVE-2017-17833)
Affected Packages:
openslp
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update openslp to update your system.
New Packages:
i686:
openslp-2.0.0-7.amzn2.i686
openslp-server-2.0.0-7.amzn2.i686
openslp-devel-2.0.0-7.amzn2.i686
openslp-debuginfo-2.0.0-7.amzn2.i686
src:
openslp-2.0.0-7.amzn2.src
x86_64:
openslp-2.0.0-7.amzn2.x86_64
openslp-server-2.0.0-7.amzn2.x86_64
openslp-devel-2.0.0-7.amzn2.x86_64
openslp-debuginfo-2.0.0-7.amzn2.x86_64